Today we’re excited to release our first new PHP analysis checks since launching our PHP public beta.
Working with early customers and developers in the PHP community, we’ve focused on creating checks that flag a number of specific, impactful and actionable issues related to code clarity, security, compatibility and potential for bugs.
In addition to complexity and duplication, Code Climate now checks your PHP code for:
Non-standard PHP opening tags
Non-standard PHP opening tags such as <script language="php"> are less portable than the standard, recommended
PHP closing tags
Using PHP closing tags is prohibited by many style guides, including PSR-2, Zend Framework, Symfony, and CodeIgniter. By omitting the closing tag you can avoid a common class of bugs which cause malformed or just plain broken responses.
Just say “no” to eval, which inevitably leads to insecure, slow, and hard-to-follow code.
Direct access to superglobals such as $_ENV can create both maintainability and security problems. For these and other reasons, many PHP frameworks wrap superglobals in a Request object.
Classes with too many public methods
A class with an excessive number of public methods has too many responsibilities and is a coupling liability that can be difficult to refactor.
Short method names
We’ll flag any method names that are 1-2 characters long. Short method names convey too little information at best, and are confusing or error-prone at worst.
Error suppression using @
The @ symbol before an expression in PHP suppresses any errors generated by that expression, including fatal errors. This makes debugging code difficult, and goes against the best practice of gracefully handling errors.
The PHP manual, along with PHP-FIG’s PSR-1, recommends that the names of constants should always be uppercase. This makes them easy to identify and easier to scan for when reading the code.
Too many arguments to a method
Methods or functions which take too many parameters are inconvenient and error-prone for consumers of the code and are confusing in terms of design. This check previously existed, but we’ve tuned and calibrated it to be more strict.
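As an added illustration, not Code Climate's own implementation, here is one way four of the checks above (a closing tag at the end of a file, eval, direct superglobal access, and @ error suppression) could be detected with PHP's built-in tokenizer. The function name find_issues() and the sample source are hypothetical and constructed for this example.

```php
<?php
// Added example: token-based detection of four of the checks listed above.
// find_issues() and the sample source are hypothetical, constructed here.
function find_issues(string $source): array
{
    $superglobals = ['$GLOBALS', '$_SERVER', '$_GET', '$_POST', '$_FILES',
                     '$_COOKIE', '$_SESSION', '$_REQUEST', '$_ENV'];
    $issues = [];
    $line = 1;             // current line, tracked across all tokens
    $trailingClose = null; // line of a closing tag with no code or markup after it
    foreach (token_get_all($source) as $token) {
        if (is_string($token)) {
            // One-character tokens such as "@" arrive as plain strings.
            if ($token === '@') {
                $issues[] = [$line, 'error suppression with @'];
            }
            continue;
        }
        [$id, $text, $tokLine] = $token;
        if ($id === T_EVAL) {
            $issues[] = [$tokLine, 'use of eval'];
        } elseif ($id === T_VARIABLE && in_array($text, $superglobals, true)) {
            $issues[] = [$tokLine, "direct superglobal access: $text"];
        } elseif ($id === T_CLOSE_TAG) {
            $trailingClose = $tokLine;
        } elseif ($id === T_INLINE_HTML && trim($text) !== '') {
            $trailingClose = null; // real template output follows the tag
        } elseif ($id === T_OPEN_TAG || $id === T_OPEN_TAG_WITH_ECHO) {
            $trailingClose = null; // PHP resumes, so this is a template file
        }
        $line = $tokLine + substr_count($text, "\n");
    }
    if ($trailingClose !== null) {
        $issues[] = [$trailingClose, 'closing tag at end of file'];
    }
    return $issues;
}

// Constructed sample input (nowdoc, so nothing in it is executed).
$sample = <<<'PHP'
<?php
$home = @$_ENV['HOME'];
eval($code);
?>

PHP;
foreach (find_issues($sample) as [$ln, $msg]) {
    echo "line $ln: $msg\n";
}
```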
Stay tuned, we’ve got more checks on the way.